On 19 May 2017, the Cyberspace Administration of China (the “CAC“) released a revised draft of its Security Assessment for Personal Information and Important Data Transmitted Outside of the People’s Republic of China Measures (the “Second Draft Export Review Measures“).
The draft emerged just over a week after public comments closed on the first draft of … Continue Reading
Data brokers are organisations that obtain data from a variety of sources and then sell or license it to third parties. Many trade in personal data, which is purchased by their customers for several purposes, most commonly to support marketing campaigns. In 2012, data brokers’ trade in personal data was reported to have generated over $150 billion in revenue.
The … Continue Reading
In yet another key case dealing with the balance between citizens’ privacy and the ability of the state to intrude into it, the Court of Justice of the European Union (CJEU) has ruled on the compatibility with European Union law of legislation that authorises the retention of communications data, which includes personal data. The reference from the UK Court of … Continue Reading
In a case with major significance for foreign online businesses that do business in Russia, on Thursday, 10 November the Moscow City Court sustained a lower court ruling that granted the request of the Russian Data Protection Authority (Roskomnadzor) to block access to social network LinkedIn within Russian territory.
The Article 29 Working Party issued a revealing statement about the so-called EU-U.S. Umbrella Agreement, which is aimed at creating a high-level data protection framework in the context of transatlantic cooperation on criminal law enforcement.
As a sign of support for the deal, the Working Party welcomes the initiative to set up a general data protection framework in relation to … Continue Reading
The Court of Justice of the European Union (CJEU) has ruled that dynamic IP addresses are capable of constituting personal data under certain circumstances, ending years of speculation about whether such essential building blocks of the Internet qualified for protection under the EU Data Protection Directive.
In Patrick Breyer v Bundesrepublik Deutschland, the German Federal Court referred two questions … Continue Reading
Along with the concept of personal data, as opposed to anonymous data, the Regulation introduces a third category, that of pseudonymous data. Pseudonymous data is information that no longer allows the identification of an individual without additional information and is kept separate from it. Pseudonymisation, while granting higher data security, also enhances data utility. In exchange … Continue Reading
As reported in The New York Times, Hogan Lovells represented a diverse group of 15 major technology companies, such as Google, Facebook, Microsoft, Snapchat, and Cisco, in filing last week an amicus brief in In re Search of an Apple iPhone. The Times reports:
“‘These companies, which are often fierce competitors, have joined together to voice concern about … Continue Reading
On 26 January, Hong Kong’s Privacy Commissioner for Personal Data (Commissioner) published his annual report on 2015 complaints and enforcement activity under the Personal Data (Privacy) Ordinance (PDPO).
The report reveals that 871,000 Hong Kong individuals were affected by data breaches in 2015, compared with 47,000 in 2014. The 98 incidents reported to the Commissioner last year (an increase from … Continue Reading
The need for proper and legitimate powers to enable intelligence and law enforcement agencies to do their job and keep everyone safe requires little justification. We live in a dangerous and uncertain world where anyone can be a victim of intolerance. So in a show of political awareness and legislative dexterity, the UK government is currently seeking to adopt a … Continue Reading
On November 5, 2015, the Federal Communications Commission Enforcement Bureau announced a $595,000 settlement agreement with Cox Communications, Inc. to resolve an investigation into whether the company failed to properly protect its customers’ personal information when electronic data systems were breached in August 2014. According to the FCC, Cox exposed the personal information of numerous customers and failed to report … Continue Reading
In June 2013, the French National Commission on Information Technology and Liberties (Commission Nationale de l’Informatique et des Libertés, “CNIL”) announced that, following a question of Member of European Parliament Françoise Castex, it was going to investigate IP Tracking practices that e-commerce sites allegedly used to illegitimately increase their prices. This investigation was carried out in close connection with … Continue Reading